In our time of SOPA, PIPA and ACTA, I was wondering what could happen if a government wanted to remove the certificate of a website ?

CA are companies, so they would have to obey to instructions from their government. What could happen if they wanted to remove a certificate issued by a CA ? What would be the impact on HTTPS and S/MIME ?

Could they ask to create a bogus certificate that would not properly secure the communication ?

3 Answers
3

Certificates can be invalidated after-the-fact using certificate revocation. But bear in mind that this simply tells the browser (if the browser actually asks) that the certificate is no longer considered secure.

As far as issuing invalid certificates, while theoretically possible, you have to bear in mind that the very first thing any admin does after installing a certificate is test it -- if it isn't valid he wouldn't use it.

Also, note that the security of the communication is not a function of the certificate. The certificate only certifies that the owner of the domain is in possession of the corresponding private key associated with the public key embedded in the certificate. At no point does the CA ever see the private key or any other information that isn't already public.

All the details relating to the security of the communication between the browser and server are negotiated on-the-spot between the browser and the server.

The CA can issue additional certificates claiming to correspond to your domain for which the private key belongs to the Government rather than to you. And in that case it can be used for a man-in-the-middle attack. But the Government doesn't need the cooperation of your CA, they can go to any CA that the browser trusts to get their phony certificate.

Some corporations install their own CA certificate onto company-owned computers so that they can perform man-in-the-middle attacks on all outbound SSL traffic for the purpose of content inspection. If your CA certificate is trusted by computers by default, then you could do this globally.

For the government to gain effective control over SSL certificates used within its borders, it would first have to establish much stricter control over Internet traffic than most governments currently have. The Great Firewall of China comes to mind here. It's not impossible, but relatively few governments are currently doing it. The reason I say this is necessary, is because no single government can have control over all the CAs in the world. So, they would have to first implement measures that would allow them to restrict SSL access to only websites that use CAs that are under their control.

That being said, what might a government do if they could gain coercive control over a CA? The primary risk would be traffic sniffing. If the government could get the CA to issue them valid certificates for high-profile websites, then they could (via border proxy or other means) set up a man-in-the-middle attack to read whatever data private citizens are exchanging with that site.

Could they get the CA to revoke site certificates? Perhaps they could, but the key here is that certificate trust is at the user's option. Even in the case of expired or revoked certificates, users generally still have the option to let their browser or other programs trust the certificate and conduct business as usual. Then, we eventually work our way back to Problem 1 - controlling what sites the users can access outright.

I do not understand first paragraph. As long as country X has access to the private key of CA Y, they can mitm/impersonate any website/email (even the ones which are not using this CA). This is why the CA system is so fragile: the security of the communication with website Z is not related to its CA, it is related to the weakest CA. Even if Thawte is emit the cert got Google, CNNIC could impersonate Google: you would need to be quite paranoid to notice (check who is the CA each time your connecting or use some CA-paranoid extension for your browser/client).
–
ysdxJan 30 '12 at 22:41

1

@ysdx - Once it is discovered that the government has control over a given CA (and it will be, eventually) users can choose not to trust that CA. A CA is no good without user trust, unless it becomes the users' only option by governmental control.
–
IsziJan 31 '12 at 1:13

Yes, all of them: easiest thing would be to issue a certificate as a CA already trusted in all browsers. This would of course not be a bogus, but a perfectly valid certificate. It would at least secure the communication between user and ... the government.